This PR refactors ipaservice to reduce the number of variables (in
favor of a 'struct') and to group member management code so that it
can be leveraged, and not partially duplicated, between the states
and actions.

Altough this code is less direct that the previous one, it will reduce
the number fo changes to be made if changes to member management is
required.

ipaservice: Use IPAAnsibleModule member result handler.

ansible_module_utils: Add method to get parameters as lowercase.

Use IPAAnsibleModule default error handler for member arguments instead
of a custom one.

When managing ipaservice members, gen_add_del_lists, gen_add_list and
get_intersection_list should be used and the result tested for empty
sets so already existing or missing members are not added or removed
again.

This changes fixes this behavior, by applying these functions to all
ipaservice members.

CI: Add supoprt for Shellcheck

automember: Fix behavior of unused parameters.

Add shellcheck as an action to be executed on every PR.

`Shellcheck` is a linter tool for shell scripts that is also used in
Automation Hub.

This change adds a pre-commit hook to run shellcheck on shell scripts.
The hook uses a Docker image, which needs to be downloaded on the first
run. It works well  with `podman`.

build-galaxy-release: Cleanup of ipabackup_get_backup_dir.py link

CI: Test modules against Ansible core 2.11 and latest Ansible

The link for plugins/modules/ipabackup_get_backup_dir.py from
roles/ipabackup/library/ipabackup_get_backup_dir.py was left over
after the script finished.

Changes needed to pass Automation Hub tests

__metaclass__ is required for all plugins to be able to pass
Automation Hub tests.

This patch is needed to pass Automation Hub tests.

This patch is needed to pass Automation Hub tests.

This patch is needed to pass Automation Hub tests.

This patch is needed to pass Automation Hub tests.

This patch is needed to pass Automation Hub tests.

This patch is needed to pass Automation Hub tests.

This patch is needed to pass Automation Hub tests.

This patch is needed to pass Automation Hub tests.

This patch is needed to pass Automation Hub tests.

Currently, upstream CI test documentation against different Ansible
versions, but playbook tests are only executed with Ansible 2.9 series.
This patch add support for running playbook tests against Ansible 2.9,
ansible-core 2.11, and against latest version of Ansible.

As running all the tests for every PR would take too long, the tests
for every PR use only Anisble 2.9, and are executed on Fedora-latest
and CentOS 7 and 8.

A new pipeline for nightly tests was added, which runs the tests in the
same distros, using Ansible 2.9, latest and Ansible-core 2.11.

ipaprivilege: Fix permissions handling.

sudorule: Fix runas with external users and groups.

Many module member attributes must be handled in a case insensitive
manner. To ease handling these cases, a function and a method to get
the module parameters converted to lowercase is provided.

If a task with 'action: automember' tried to modify an automember rule
and did not provide either 'inclusive' or 'exclusive' parameters, the
regex for the missing arguments would be removed.

This patch fixes this behavior to only modify those parameters that
were set on the task, and leave the missing parameters in the state
they were before the task.

Tests have been updated to verify expected behavior.

Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1976922

When setting 'runasuser' or 'runasgroup' for a sudorule, either IPA or
external users and groups can be used, but only IPA users and groups
were being searched for when modifying the attributes, making this task
not idempotent if an external group or user was used..

This patch fixes this issue by comparing users and groups to the IPA
and external setting.

The IPA CLI commands are slightly confusing, as the sudorule-add and
sudorule-mod display separate options for internal and external users
and groups, but these options are deprecated and do not work anymore,
in favor of sudorule-add-runasuser and sudorule-add-runasgroup, which
don't diferentiate between internal and external users, from the CLI
user perspective.

ipaservice: Fix idempotent behavior for principal aliases.

This patch removes the custom command result handler in favor of the
IPAAnsibleModule default member handler and fixes creation of add and
del lists of permissions, fixing the behavior of the moudule execution
when 'check_mode: yes'.

A wrong parameter 'member_permission' was being used to obtain the
existing permissions, and was changed to 'memberof_permission'.

When creating the lists to add/remove principal aliases, if the realm
was not specified, the alias would be used as it did not matched the
existing one, which has the realm part.

This patch fixes the add/del list creation by adding the current API
realm to each alias that does not have the realm part and then use
this modified list to be compared against the existing principal list.

This change also allows the use of the whole list in a single call to
the IPA API to add/remove the principals, instead of a call for every
one item in the list.

galaxyfy: Fix newline issue in module examples

The newlines in module examples have been removed due to wrong strip for
the input lines.

galaxyfy: Fix roles after vars

If roles have been used after vars, the name of the role was not changed
as the "vars:" section was turning off changeable. A "roles:" section is
now turning on changeable.

build-galaxy-release.sh: Use proper action plugins path plugins/action

The action plugins path was wrong. It was "plugins/action_plugins" and
should have been "plugins/action".